IBM DB2 Universal Database EXCSAT Long MGRLVLLS Message DoS

2006-05-30T09:18:59
ID OSVDB:29861
Type osvdb
Reporter Elad Tabak, Ohad Atia, Amichai Shulman (adc@imperva.com)
Modified 2006-05-30T09:18:59

Description

Vulnerability Description

DB2 contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker initiates a connection with a very long MGRLVLLS message within an EXCSAT message, and results in loss of availability for the service.

Solution Description

Upgrade to version 8 FixPak 12 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

DB2 contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker initiates a connection with a very long MGRLVLLS message within an EXCSAT message, and results in loss of availability for the service.

References:

Vendor URL: http://www-3.ibm.com/software/data/db2/
Vendor Specific Advisory URL
Secunia Advisory ID: 20579
Related OSVDB ID: 29860
Related OSVDB ID: 29862
Related OSVDB ID: 27992
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0060.html
FrSIRT Advisory: ADV-2006-2332
CVE-2006-3066
Bugtraq ID: 18428